- From: Martin Nilsson <nilsson@opera.com>
- Date: Sat, 01 Nov 2014 17:53:00 +0100
- To: ietf-http-wg@w3.org
- Message-ID: <op.xonnumnhiw9drz@beryllium.bredbandsbolaget.se>
On Fri, 31 Oct 2014 22:14:29 +0100, Patrick McManus <mcmanus@ducksong.com> wrote: > > On Fri, Oct 31, 2014 at 3:42 PM, Jason Greene <jason.greene@redhat.com> > wrote: >> >>>> Ilari’s use case is a great example of where it all goes wrong: >> http://lists.w3.org/Archives/Public/ietf-http-wg/2014OctDec/0167.html > > I believe that just describes an API limitation, not a protocol problem. > A hypothetical implementation directly participated in the negotiation > of >XYZ and h2 but for whatever reason cannot ensure the relevant > properties of XYZ with respect to h2's application profile of tls laid > out in 9.2. I think it can be even easier than that. Given the assumption that no new suites will be created with worse security properties than the banned ones the ciphersuite can be any of these three - Known and secure - Known and insecure - Unknown and secure /Martin Nilsson -- Using Opera's mail client: http://www.opera.com/mail/
Received on Saturday, 1 November 2014 16:53:21 UTC